/**
 * Path-emission allowlist for AGENTS.md link-index entries.
 *
 * Per ADR-1 §2 (security mitigation R2): the generator MUST only emit `Path:` values
 * that match a path produced by the AIWG-owned PROVIDER_PATHS map plus the canonical
 * `~/.agents/skills/` cross-provider user-scope target. Files deployed by project-local
 * manifests at non-AIWG paths are not indexed. This closes the link-redirect attack
 * surface where a malicious project-local artifact could cite a shadow file outside
 * AIWG's path-map domain.
 */
/**
 * Result of an allowlist check.
 */
export interface AllowlistResult {
    ok: boolean;
    /** Reason path was rejected; empty when ok=true */
    rejectedFor: string;
    /** True when the path matched a user-scope prefix (~/...) */
    isUserScope: boolean;
}
/**
 * Check whether a path is allowed in an AGENTS.md link-index entry.
 *
 * Accepts both relative project-scope paths and absolute user-scope paths
 * (rooted in homedir()). Rejects all other paths.
 *
 * Path normalization:
 * - Backslashes are converted to forward slashes for cross-platform compatibility.
 * - Leading `./` is stripped.
 * - `..` segments anywhere in the path cause rejection (prevents escaping the project root).
 */
export declare function checkPathAllowed(inputPath: string): AllowlistResult;
export declare const ALLOWLIST_INTERNALS: {
    AIWG_PATH_PREFIXES_RELATIVE: readonly string[];
    AIWG_PATH_PREFIXES_USER: readonly string[];
};
//# sourceMappingURL=allowlist.d.ts.map